Is it possible to have two VPN endpoints configured in two separate sites, one as a primary and one as a DR site? All VPN peers should connect to the primary site; however, if it is unavailable, they should connect to the DR VPN endpoint.
It is possible to have two VPN endpoints in two different sites as long as both sites can reach the same internal network and resources.
For example, if you have Site A and Site B, most likely both sites don't share the same internal network. This is a problem if you connect via VPN to the first site and it fails over to the second site. (This problem does not happen if both VPN endpoints are at the same location.)
It is not impossible to have the failover for the two VPN endpoints on different sites, but you have to be very cautious with the routing (it all depends on the topology).
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...